EcomAccess Inc. (also referred to as “Income Access”, “we”, “us” or “our”) runs an Affiliate network which is used for “Affiliate marketing”: a process by which an Affiliate (part of Income Access’ Affiliate network) earns a commission for advertising products or services of Income Access’ Clients (hereinafter referred to as the Merchants). Affiliates are generally individuals or small businesses with a website and through which they advertise Merchant products or services.

We are based in Canada, part of the Paysafe Group. For more information about Paysafe Group please click here: www.paysafe.com/en/paysafegroup/comprehensive-privacy-policy/

INCOME ACCESS AS A DATA PROCESSOR / SERVICE PROVIDER

Income Access was created to manage relationships between Affiliates and Merchants using online tracking technology.

Income Access has created a technology by which an Affiliate earns a commission for advertising the products of Income Access’s Clients (Merchants). To calculate the commissions earned by Affiliates, the Income Access technology tracks website visitors on behalf of our Clients and records certain categories of data. Please note that we use the terms ‘data’ and ‘information’ interchangeably, as the laws governing our business may refer to both ‘personal data’ and ‘personal information’.

This means that most of the information (both personal and non-personal) processed by Income Access is on behalf of our Clients in our capacity as a data processor / service provider (Data Processor) when providing our tracking technology and services for their Affiliate programs.

Income Access requires Merchants and Affiliates to adhere to all relevant privacy laws as well as good business practices as a condition of membership/participation in an Income Access Affiliate Program or Client’s own Affiliate Program. Income Access is, however, not responsible for the information collection and processing practices of our Merchants or Affiliates who retain a duty to ensure compliance with their respective privacy and legal obligations.

Merchants and Affiliates who run their own programs may collect information from or about Internet users, including personal information. The collection, use, and disclosure of this information by Merchants and Affiliates is subject to their respective privacy and cookies policies and notices, which may differ from Income Access’s Privacy Notice.

If you believe your data is being processed by Income Access on behalf of a particular Merchant or by an Affiliate and you have a privacy related query, in the first instance your query should be directed to that Affiliate or Merchant in their capacity as the data owner or controller for your information.

INCOME ACCESS AS A DATA CONTROLLER / OWNER

Income Access also processes personal information as a data owner or controller (Data Controller) when it collects the personal information of our Merchants’ employees and Affiliates who sign up to Income Access’s Affiliate Network directly and create an account with us. When we are data owner or controller, this means we are not providing services on behalf of a third party, but we control the manner and means of the processing of personal data, including its use.

All personal information of Merchants and Affiliates provided by them during the sign-up process to our Affiliate Network are retained and used by Income Access in order to fulfil the purposes set out in this notice.

Personal and non-personal information

Depending on the capacity in which you engage with Income Access (a website visitor, a service provider, a Merchant or an Affiliate) we may collect and process different types of both personal and non-personal information relating to you.

Ordinarily, when we track website visitors on behalf of our Clients (the Merchants and Affiliates) we process the following categories of non-personal information which may include but are not limited to:

• Overall number of website visitors coming from Affiliate’s to Merchant’s website;
• From which Affiliate website they came from;
• Which banners or adverts they clicked on;
• As well as their journey once they “land” on a Merchant’s website (e.g. if ultimately an account has been created by that visitor);
• Revenue and commission data calculation for Affiliates and Merchants; and
• Our Merchants and Affiliates may also supply personal information, such as: usernames, Unique ID numbers, *IP addresses, etc. that may enable the identification of individuals.

When we act as a Data Controller or data owner for the purposes of Account creation and management of the Income Access Affiliate Network, we process personal information of Merchants and Affiliates provided by them during the sign-up process and may include, but is not limited to, the following categories of data:

• Merchants’ and Affiliates’ names, address, contact details such as email address and telephone number and KYC/KYB data, such as identity documents, bank statements and utility bills; and
• In some cases, we may also collect “KYC” data about the Affiliates on behalf of our Clients the Merchants that may include Banking information, such as bank statements, as well as utility bills.

We may receive information about Merchants and Affiliates and their representatives from other sources and add it to our account information, including when they apply to use the services. For example, we work closely with, and receive information from, third parties like credit reference and fraud prevention agencies.

* To the extent that Internet Protocol (IP) addresses (or similar identifiers) are clearly defined to be personal information under any local law, and where such local law is applicable to services, we will manage such identifiers as personal information.

Income Access will only process your personal information in compliance with applicable law. Such laws vary across different territories and specific details are available on request. In particular, Income Access may primarily be subject to (as applicable) the European General Data Protection Regulation (GDPR), Quebec’s Act Respecting the Protection of Personal Information in the Private Sector and Canada’s own federal Personal Information Protection and Electronic Documents Act (PIPEDA). Some of these laws require us to set out the legal basis under which we process and use data. Where we act as a Data Process, we process personal data based on the documented instructions of the Merchants which are responsible for determining the applicable lawful basis. Where Income Access acts as a Data Controller and to the extent applicable under such law, Income Access will process:

• On the basis of your consent, for example to send you marketing messages about products and services in accordance with your interests and preferences, where such consent is required by law;
• Where necessary for the performance of, or entry into, any contract we have with you, for example, in order to provide you with the services you have subscribed – in that context, we need that information because otherwise we would not be able to provide the services to you. For example, if we are required to verify your identity and you do not supply us with the relevant information, we may be unable to open an account for you;
• Where Income Access has a legitimate interest to process data, subject to such processing not overriding your own rights and freedoms in objecting to such processing. For example, to keep you informed about your use of the services, improve and develop the services, conduct online advertising or other marketing activities, as well as manage, enforce and defend any claim;
• Where Income Access has a legal obligation to collect, use and/or disclose your personal information or otherwise needs your personal information to comply with the rules imposed by our or other applicable regulators; or
• Exceptionally, we may share your information with a third party when necessary, in the public interest, for example, when law enforcement agencies or other third parties with whom you may have had dealings request information to investigate a crime or otherwise a breach of third-party terms of business.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information for any specific processing activity, please contact us via the Contact Us section below.